PayPal investigates account compromised twice in one day

PayPal to investigate bizarre account hack that included attempt to transfer funds to a dead ISIS hacker

PayPal is investigating an incident in which a user's account was compromised and used in a thwarted attempt to send money to a dead ISIS hacker.

Despite the use of two-factor authentication, a cybercriminal was reportedly able to log into the account of independent security researcher Brian Krebs and add an unauthorized email account, not once, but twice, on Christmas Eve 2015.

A PayPal spokesperson told SCMagazine.com via email it appears the company's standard procedures were not followed in this case, but didn't specify whether Krebs or PayPal was at fault.

"While Mr. Krebs' funds remained secure, we are sorry that this unacceptable situation arose and we are reviewing the matter in order to prevent it from happening again," the spokesperson said.

The security researcher notified the online payment service of the initial unauthorized email change and was assured that his account would be monitored. However, the account was again compromised. The hacker added the same email account, changed the password, and allegedly attempted to send money to an ISIS hacker who was killed in a drone strike earlier that year. The account was then shut down.
